More DCE_RPC improvements.

- The logic for fragment handling has been rewritten and should be correct now.
 - There are now tunables for fragment handling overflow situations.
   - DCE_RPC::max_cmd_reassembly and DCE_RPC::max_frag_data
   - They result in weirds and analyzer removal.
 - Memory leak fixed by unique_ptr auto cleanup.
 - DCE_RPC is now intolerant of content gaps and will stop
   analyzing traffic if content gaps happen (like most other analyzers currently).
This commit is contained in:
Seth Hall 2016-10-24 03:22:20 -04:00
parent bd0a374c87
commit e4b620673b
7 changed files with 76 additions and 13 deletions


@ -16,6 +16,7 @@ using namespace analyzer::dce_rpc;
DCE_RPC_Analyzer::DCE_RPC_Analyzer(Connection *conn)
: tcp::TCP_ApplicationAnalyzer("DCE_RPC", conn)
{
had_gap = false;
interp = new binpac::DCE_RPC::DCE_RPC_Conn(this);
}
@ -41,6 +42,7 @@ void DCE_RPC_Analyzer::EndpointEOF(bool is_orig)
void DCE_RPC_Analyzer::Undelivered(uint64 seq, int len, bool orig)
{
TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
had_gap = true;
interp->NewGap(orig, len);
}
@ -49,6 +51,12 @@ void DCE_RPC_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
assert(TCP());
if ( had_gap )
// If only one side had a content gap, we could still try to
// deliver data to the other side if the script layer can handle this.
return;
try
{
interp->NewData(orig, data, data + len);